The chain reported that investigation into the matter has “identified the operation of malware designed to access payment card data from cards used on point-of-sale (POS) devices at certain Chipotle restaurants between March 24, 2017 and April 18, 2017. The malware searched for track data (which sometimes has cardholder name in addition to card number, expiration date, and internal verification code) read from the magnetic stripe of a payment card as it was being routed through the POS device. There is no indication that other customer information was affected.”

Chipotle says it has amped up its security measures, and encourages its customers to review bank and credit card statements regularly and to remain vigilant about the possibility of fraud. While not all locations were effected, Chipotle has also provided a tool to determine if a restaurant you patronized within the time frame was compromised.